Javan Rasokat
@javanrasokat.bsky.social
Product Security @ Sage, Security Research & Speaker, OWASP Contributor, Hacker & Creator.
Personal blog: https://javan.de
www.openwall.com/lists/oss-se... A "security researcher" made it to this year's DEFCON with a hallucinated fake talk.
oss-security - Re: Linux kernel: eBPF vulnerabilities
www.openwall.com
October 3, 2025 at 3:00 AM
#defcon day 2
Getting ready for my workshop - eliminating bug classes.
See you in a bit!
August 9, 2025 at 3:22 PM
Anyone up to chat about browser security features and the experiences you had rolling it out?
I am at #BSidesLV and #DEFCON33
2pm at Ground Floor & 3pm Training ground - the workshop is fully booked out 🥵 but join the talk for a 20min compressed session... And a chat afterwards!
August 4, 2025 at 6:14 PM
Wow, that was fast. My workshop at #DEFCON is already sold out: events.humanitix.com/dc33ws-n254-... But at the beginning of the week I will be at BSidesLV as well, and on Friday (1st day of DEF CON33) I'll present a talk-version of it in the AppSecVillage - feel free to join!
Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense
Register on Humanitix - Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense hosted by DEF CON Workshops. DEF CON Workshops. Saturday August 9th 2025. Find event inform...
events.humanitix.com
July 16, 2025 at 10:57 AM
There’s been much debate about whether to redirect from HTTP to HTTPS in #ASVS (see: github.com/OWASP/ASVS/i...). Meanwhile, Mozilla Observatory rewards you with points for implementing this redirect. Thoughts?
January 7, 2025 at 4:45 PM
I noticed Mozilla Observatory was updated... now embracing more fine-grained tweaks, e.g. using frame-ancestors instead of XFO and using SRI.

Nice!

developer.mozilla.org/en-US/observ...
HTTP Header Security Test - HTTP Observatory | MDN
Test your site’s HTTP headers, including CSP and HSTS, to find security problems and get actionable recommendations to make your website more secure. Test other websites to see how you compare.
developer.mozilla.org
January 7, 2025 at 4:42 PM
Indirect #PromptInjection placed into a Response-Header. I guess no need for a "ai.robots.txt" anymore if we can handle them like this? ;-)
November 20, 2024 at 3:04 PM
Starting into #bsky with a special share & shoutout:
lyra.horse/blog/2024/09... fantastic write-up of a #securityresearch in today’s complex environment, by bypassing multiple browser defenses and even Sec-Fetch.
Using YouTube to steal your files
A writeup of my $4133.70 Google Drive vulnerability chain.
lyra.horse
November 18, 2024 at 4:30 PM